Expose auth policy resolution utilities for framework integrations#1512
Conversation
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
There was a problem hiding this comment.
Pull request overview
This PR exposes small, reusable auth-policy utilities to support framework integrations (per #1511), by extracting policy resolution and OAuth2/OIDC unwrapping logic from DefaultAuthProviderFactory into public, stateless helpers.
Changes:
- Added
DefaultAuthProviderFactory.resolvePolicy(Workflow, ReferenceableAuthenticationPolicy)to resolve inline vs referenced auth policies. - Introduced public
OAuthPolicyDatarecord withfrom(AuthenticationPolicyUnion)to normalize OAuth2 vs OIDC extraction. - Refactored OAuth provider construction to use
OAuthPolicyData, and added focused unit tests for both helpers.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java | Adds resolvePolicy and refactors auth provider creation to use OAuthPolicyData. |
| impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java | New public record providing a single extraction path for OAuth2/OIDC policy data. |
| impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java | Switches constructor input from policy type to OAuthPolicyData. |
| impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java | Switches constructor input from policy type to OAuthPolicyData. |
| impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java | Adds tests covering inline vs reference resolution and null cases. |
| impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java | Adds tests covering OAuth2/OIDC extraction (inline vs secret) and non-OAuth inputs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
| if (oidc != null && oidc.getOidc() != null) { | ||
| OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc(); |
There was a problem hiding this comment.
I think that one of the benefits of using multipe return for this method is that it allow to write thing like this
| if (oidc != null && oidc.getOidc() != null) { | |
| OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc(); | |
| if (oidc != null) { | |
| OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc(); | |
| if (config != null) { | |
| } |
fjtirado
left a comment
There was a problem hiding this comment.
Also a very good one, just usual picky comments ;)
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
| public record OAuthPolicyData( | ||
| OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) {} |
There was a problem hiding this comment.
hmmm, I think is better to not declare this as inner record, but in a separate class
|
|
||
| private OAuthUtils() {} | ||
|
|
||
| public enum OAuthScheme { |
There was a problem hiding this comment.
Same for this enum, it is bettes to have it in a separate class
| return Optional.empty(); | ||
| } | ||
|
|
||
| public static AuthenticationPolicyUnion resolvePolicy( |
There was a problem hiding this comment.
I do not know where this method is used, but should not return Optional.empty rather than null?
Replace null returns with Optional in OAuthUtils.resolvePolicy to align with the existing from() method style, and extract OAuthScheme to its own top-level file. Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Move OAuthPolicyData out of OAuthUtils into its own file so integrations can reference it directly, and add a static from(AuthenticationPolicyUnion) convenience factory that delegates to OAuthUtils.from(). Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Many thanks for submitting your Pull Request ❤️!
What this PR does / why we need it:
Special notes for reviewers:
Additional information (if needed):
Closes #1511